Remote Password Vulnerability in Apple QuickTime and Darwin Streaming Server
CVE-2003-0426
Currently unrated
Summary
Apple QuickTime and Darwin Streaming Server versions prior to 4.1.3f are susceptible to a serious security flaw that lets remote attackers manipulate the server's administration settings. An unauthorized user can access a 'Setup Assistant' page and reset the administrator password without supplying existing credentials, thereby gaining elevated privileges. Attackers can potentially take full control of affected servers, leading to data breaches, unauthorized access to sensitive information, and overall system compromise.
References
Timeline
Vulnerability published
Vulnerability reserved